Sushi DeFi Protocol Falls Victim to Second Exploit
The Sushi DeFi protocol has been hit by its second exploit this year, raising concerns about the security and integrity of the decentralized finance (DeFi) sector. Users have been advised by the protocol’s CTO to avoid using any decentralized applications (dApps) until further notice. The breach involves a compromised web3 connector that allows malicious code injection into various dApps. The LedgerHQ/connect-kit, a dApp used to connect other dApps to Ledger hardware wallets, is particularly vulnerable. The attack is not isolated but instead targets multiple dApps.
Potential Supply Chain Attack on Ledger Connect Kit
Further investigation reveals a potential supply chain attack on the Ledger Connect Kit, with a wallet-draining payload injected into the popular Node Package Manager (NPM). This affects prominent dApps like Hey and others. The Zapper and Sushi frontends have also been hijacked, expanding the scope of the breach. SlowMist, a module of Ledger, confirms that their system was tampered with during the attack. Users are urged to exercise caution and scrutinize unexpected requests for wallet information.
Malicious Connect Kit Neutralized
Ledger has identified and removed a malicious version of the Ledger Connect Kit. Users are assured that their Ledger devices and Ledger Live remain uncompromised. A genuine version of the Connect Kit is being pushed as a replacement. Users are advised not to interact with any dApps at this time for their safety. Updates will be provided as efforts to address the security breach continue.
SUSHI Token Uptrend Threatened
Following the exploit, the native token of the Sushi DeFi protocol, SUSHI, has experienced a decline of over 4%. It had been on an uptrend before the exploit, but with the loss of its support level at $1.961, the uptrend may be invalidated. The uncertainty surrounding SUSHI raises the possibility of further downside in its price action, with the next significant support level at $1.084.
Hot Take: Sushi DeFi Protocol Faces Second Exploit, Raises Concerns for DeFi Security
The Sushi DeFi protocol’s second exploit has highlighted the vulnerability of decentralized applications and raised concerns about the security and integrity of the DeFi sector. The compromised web3 connector and the supply chain attack on the Ledger Connect Kit have exposed multiple dApps to malicious code injection. Users are advised to exercise caution and avoid interacting with any dApps for now. Ledger has taken action to neutralize the malicious version of the Connect Kit and is working on a genuine replacement. The fallout from the exploit has caused a decline in the SUSHI token’s price, threatening its previous uptrend. The incident serves as a reminder of the risks involved in DeFi investments and highlights the need for robust security measures.